After hitting Altran and Norsk Hydro, LockerGoga operators this week turned their sights to two chemicals companies in the United States.

Hexion and Momentive, both controlled by the same investment fund, were hit by ransomware on March 12, according to a leaked internal email cited by Motherboard.

“On
the day of the attack, some of the companies’ Windows computers were hit with a
blue screen error and their files encrypted, said the current employee, who
asked to remain anonymous as they were not authorized to speak to the press,”
Motherboard wrote.

Hexion
and Momentive both make industrial chemicals. Like all large-scale production
facilities, they heavily rely on computers and automation, so a malware
outbreak could completely halt operations and cause massive disruption and
financial loss. And that’s what happened on March 12.

According
to the report, CEO Jack Boss said the incident caused a “global IT outage” and
the companies deployed “SWAT teams” to detain it. Boss’s email included a
screenshot of the ransomware note, which implicates LockerGoga, the ransomware
family used to hit French engineering consulting firm Altran and Norway’s
aluminum giant Norsk Hydro last week.

Boss’s
email also said the company has ordered “hundreds of new computers,” and
that the data on the computers hit with the ransomware is most likely lost
forever. Contacted by the publication via telephone, neither company commented
on the incident. It’s believed LockerGoga operators have hit elsewhere in the
world as well. Some say LockerGoga is not very effective at collecting a ransom
for its operators. But if it’s good at one thing, it’s disrupting operations.